ADC CLI Commands

ssl-certKeyBundle

The following operations can be performed on “ssl-certKeyBundle”:

update add show rm

update ssl certKeyBundle

Updates the specified certificate-key bundle.

Synopsis

update ssl certKeyBundle <certkeyBundleName> [-bundlefile ] [-passplain ]

Arguments

certkeyBundleName Name given to the certKeyBundle. The name is used to bind or unbind the certkey bundle to a VIP. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').

bundlefile Name of and, optionally, path to the X509 certificate bundle file that is used to form the certificate-key bundle. The certificate bundle file should be present on the appliance’s hard-disk drive or solid-state drive. /nsconfig/ssl/ is the default path. The certificate bundle file consists of a list of certificates and one key in PEM format.

passplain Pass phrase used to encrypt the private key. Required when the certificate bundle file contains an encrypted private key in PEM format.

Example

update ssl certKeyBundle test_bundle -bundlefile /nsconfig/ssl/bundle_update.pem

add ssl certKeyBundle

Adds a certificate-key bundle. After it is bound to a virtual server, it is used for processing SSL transactions.

Synopsis

add ssl certKeyBundle <certkeyBundleName> -bundlefile [-passplain ]

Arguments

certkeyBundleName Name given to the certKeyBundle. The name is used to bind or unbind the certkey bundle to a VIP. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').

bundlefile Name of and, optionally, path to the X509 certificate bundle file that is used to form the certificate-key bundle. The certificate bundle file should be present on the appliance’s hard-disk drive or solid-state drive. /nsconfig/ssl/ is the default path. The certificate bundle file consists of a list of certificates and one key in PEM format.

passplain Pass phrase used to encrypt the private key. Required when the certificate bundle file contains an encrypted private key in PEM format.

Example

1) add ssl certKeyBundle bundle1 -bundlefile /nsconfig/ssl/cert_bundle.pem
2) add ssl certKeyBundle bundle2 -bundlefile /nsconfig/ssl/cert_bundle_enc.pem -passplain <>
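A pre-flight check for a bundle file before running add or update, as an added example that is not part of the Citrix documentation: it applies the certkeyBundleName naming rule and the "list of certificates and one key" layout described above, and reports whether -passplain is needed. The function names and the sample PEM text are constructed for illustration; encrypted keys are recognized by the standard PEM markers (an ENCRYPTED PRIVATE KEY label or a Proc-Type: 4,ENCRYPTED header).

```python
import re

# Naming rule from the certkeyBundleName argument description.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_#. :@=-]*")
# One PEM block: BEGIN label, body, matching END label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def check_bundle(name, pem_text):
    """Return (problems, needs_passplain) for a proposed certKeyBundle."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("invalid certkeyBundleName")
    blocks = PEM_RE.findall(pem_text)
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    if not certs:
        problems.append("no certificate in bundle")
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    # PKCS#8 encrypted keys use their own label; traditional OpenSSL keys
    # carry a "Proc-Type: 4,ENCRYPTED" header inside the block.
    needs_passplain = any(
        label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
        for label, body in keys
    )
    return problems, needs_passplain


def cli_command(name, path, needs_passplain):
    """Build the add command; names containing spaces are quoted for the CLI."""
    quoted = f'"{name}"' if " " in name else name
    cmd = f"add ssl certKeyBundle {quoted} -bundlefile {path}"
    # The pass phrase itself is left as the page's empty <> placeholder.
    return cmd + (" -passplain <>" if needs_passplain else "")


def _pem(label):
    # Constructed block: the body is dummy text, not real certificate or key data.
    return f"-----BEGIN {label}-----\nZHVtbXk=\n-----END {label}-----\n"


# Constructed sample: two certificates followed by one encrypted key.
SAMPLE = _pem("CERTIFICATE") * 2 + _pem("ENCRYPTED PRIVATE KEY")

if __name__ == "__main__":
    problems, enc = check_bundle("bundle2", SAMPLE)
    print(problems or "ok", "|", cli_command("bundle2", "/nsconfig/ssl/cert_bundle_enc.pem", enc))
```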

show ssl certKeyBundle

Displays information about all configured certificate-key bundles on the appliance, or displays detailed information about the specified certificate-key bundle.

Synopsis

show ssl certKeyBundle [<certkeyBundleName>]

Arguments

certkeyBundleName Name given to the certKeyBundle. The name is used to bind or unbind the certkey bundle to a VIP. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').

Output

bundlefile Name of and, optionally, path to the X509 certificate bundle file that is used to form the certificate-key bundle. The certificate bundle file should be present on the appliance’s hard-disk drive or solid-state drive. /nsconfig/ssl/ is the default path. The certificate bundle file consists of a list of certificates and one key in PEM format.

passplain Pass phrase used to encrypt the private key. Required when the certificate bundle file contains an encrypted private key in PEM format.

serverName Vserver name to which the certKeyBundle is bound.

subject Subject name.

serial Serial number.

issuer Issuer name.

publickey Public key algorithm.

publickeysize Size of the public key.

sandns Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called “Subject Alternative Names” (SAN). This field is for DNS names.

sanipadd Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called “Subject Alternative Names” (SAN). This field is for IP addresses.

clientCertNotBefore Not-Before date.

clientCertNotAfter Not-After date.

daysToExpiration Days remaining for the certificate to expire.

signatureAlg Signature algorithm.

status Status of the certificate.

stateflag devno count

Example

1) show ssl certKeyBundle bundle1
2) show ssl certKeyBundle

rm ssl certKeyBundle

Removes the specified certificate-key bundle. The certificate-key bundle is removed only if it is not referenced by any SSL virtual server.

Synopsis

rm ssl certKeyBundle <certkeyBundleName>

Arguments

certkeyBundleName Name given to the certKeyBundle. The name is used to bind or unbind the certkey bundle to a VIP. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').

Example

rm ssl certKeyBundle bundle1
